Robert Clark: Cyber Law Professor at the United States Military Academy

Rick Howard: Palo Alto Networks CSO

Brian Kelly: Quinnipiac University CISO

Dawn-Marie Hutchinson: Comm Solutions Company CISO

Hannah Kuchler: Journalist, Financial Times

Neena Lakhani: Marketing Manager at Data Integration

Jon Oltsik: Sr. Principal Analyst, Enterprise Strategy Group

Dan Ragsdale: Program Chair, Cyber Center of Excellence, Texas A&M

Ben Rothke: Senior eGRC Consultant at Nettitude Group

Steve Winterfeld: Nordstrom Bank ISO

For the newbies in the crowd, a canon is a list of collected works that the applicable community has accepted as genuine. The Cybersecurity Canon project is an effort to identify all of the cybersecurity books that we, as a community of professionals, should have read by now.

We set up the project similarly to the Baseball Hall of Fame. Like the Baseball Writers’ Association of America, the cybersecurity community (that’s us) suggests titles that should be considered as candidates for induction into the Canon. Community members do that by writing a review of a book and making the case for why it should be accepted as a candidate. Anybody can write a book review for his or her favorite books.

The Cybersecurity Canon Committee considers each review on merit and decides whether or not the reviewer made a strong enough case to include the book on the candidate list. If so, we add the book and the book review to the Canon page (click on the book covers to read the review).

Today, we have roughly 25 books on the candidate list, including both fiction and non-fiction. Candidate books in the non-fiction category range in topic from crime and espionage to hacktivism, warfare and technical subjects. Candidates in the fiction category qualify if the story the author is telling contains cybersecurity elements that are true or possible. The Committee estimates that there should be at least 125 books on the candidate list at any given time. That is where you come in.

If you have a favorite book that you think everybody in our community should have read by now in order to be a complete cybersecurity professional, get cracking on that book review. This web page describes the criteria for what the committee is looking for in a book review.

Sometime at the beginning of calendar year 2016, we will open the candidate list for community voting. In other words, you get to vote on which books we induct into the Canon for 2016. So far, we have inducted these five books:

The 2016 inductee season is officially underway. Please help us grow the Cybersecurity Canon project by reviewing the candidate list, sending me suggestions for other titles that should be there, and, most importantly, writing your own reviews for the books that should be on the candidate list. In the meantime, I will keep you updated throughout the year as we add more titles and get closer to opening up the voting process for 2016 selection.